Commit Graph

  • d65bc4d8e3 Accepting request 1318598 from security factory Ana Guerrero 2025-11-20 13:47:23 +00:00
  • 65ea2b554b Accepting request 1318580 from home:djz88:branches:security:SELinux Marcus Meissner 2025-11-19 09:20:26 +00:00
  • 8b5c269d36 Accepting request 1314680 from security Dominique Leuenberger 2025-11-01 22:34:32 +00:00
  • 3062de4395 Accepting request 1314675 from home:jsegitz:branches:security Marcus Meissner 2025-10-31 09:52:06 +00:00
  • 748b923a67 Accepting request 1287567 from security Ana Guerrero 2025-06-23 12:50:34 +00:00
  • 80c692d974 Accepting request 1286045 from home:dimstar:Factory Marcus Meissner 2025-06-21 13:44:02 +00:00
  • 30ebaff108 Accepting request 1229046 from security slfo-main slfo-1.2 Ana Guerrero 2024-12-09 20:09:43 +00:00
  • ff70519425 Accepting request 1229046 from security Ana Guerrero 2024-12-09 20:09:43 +00:00
  • 2c8104cb44 Fix build without %check (boo#1227364) Marcus Meissner 2024-12-07 14:10:56 +00:00
  • 50a165265b Accepting request 1229015 from home:bmwiedemann:branches:security Marcus Meissner 2024-12-07 14:10:56 +00:00
  • fb3d21655a Accepting request 1228304 from security Ana Guerrero 2024-12-05 16:05:19 +00:00
  • d91126653b Accepting request 1228304 from security Ana Guerrero 2024-12-05 16:05:19 +00:00
  • 3dc793b08c - Update to 0.10.0:
      + swtpm:
        * Requires libtpms v0.10.0
        * Display tpmstate-opt-lock as a new capability
        * Add support for lock option parameter to tpmstate option
        * nvstore_linear: Add support for file-backend locking
        * Remove broken logic to check for neither dir nor file backend
        * Use ptm_cap_n to build PTM_GET_CAPABILITY response
        * Define a structure to return PTM_GET_CAPABILITY result
        * Implement --print-info to run TPMLIB_GetInfo with flags
        * Support --profile fd= to read profile from file descriptor
        * Support --profile file= to read profile from file
        * Ignore remove-disabled parameter on non-'custom' profile
        * Check for good entropy source in chroot environment
        * Implement a check for HMAC+sha1 for testing future restriction
        * Implement function to check whether a crypto algorithm is disabled
        * Print cmdarg-print-profiles as part of capabilities
        * Check whether SHA1 signature support is disabled in profile
        * Use TPMLIB_WasManufactured to check whether profile was applied
        * Determine whether OpenSSL needs to be configured (FIPs, SHA1 signature)
        * Add support for --print-profiles option
        * Print profile names as part of capabilities JSON
        * Display new capability to allow setting a profile
        * Add support for --profile option to set a profile on TPM 2
      + swtpm_setup:
        * Comment flags for storage primary key and deprecate --create-spk
        * Implement --print-profiles to display all profile
        * Add profile entries to swtpm_setup.conf written by swtpm_setup
        * Add support for --profile-name option
        * Accept profiles with name starting with 'custom:'
        * Support default profile from file in swtpm_setup.conf
        * Support --profile-file-fd to read profile from file descriptor
        * Support --profile-file to read profile from file
        * Always log the active profile
        * Implement --profile-remove-fips-disabled option
        * Read default profile from swtpm_setup.conf
        * Print profile names as part of capabilities JSON
        * Add support for --profile parameter
        * Get default rsa keysize from setup_setup.conf if not given
      + swtpm_ioctl:
        * Use ptm_cap_n for non-CUSE PTM_GET_CAPABILITY response
      + selinux:
        * Change write to append for appending to log
        * Add rule for logging to svirt_image_t labeled files from swtpm_t
      + tests:
        * Update IBMTSS2 test suite to v2.4.0
        * Test activation of PCR banks when not all are available
        * Enable SWTPM_TEST_PROFILE for running test_tpm2_ibmtss2 with profile
        * Add a check for OPENSSL_ENABLE_SHA1_SIGNATURES in log file
        * Consolidate custom profile test cases and check for StateFormatLevel
        * Convert test_samples_create_tpmca to run installed
        * Mention test_tpm2_libtpms_versions_profiles requiring env. variables
        * allow running ibmtss2 tests against installed version
        * Derive support for CUSE from SWTPM_EXE help screen
        * Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for IBMTSS2 test
        * Extend test case testing across libtpms versions
        * Add test case for testing profiles across libtpms versions
        * Test the --profile option of swtpm_setup and swtpm
        * teach them to run installed
        * add installed-runner.sh
        * install tests on the system
        * lookup system binaries if INSTALLED is set
      + build-sys:
        * enable 64-bit file API on 32-bit systems
        * Add -Wshadow to the CFLAGS
        * Require that libtpms v0.10 is available for TPMLIB_SetProfile
    Marcus Meissner 2024-12-04 12:48:57 +00:00
  • 5f3eef7315 Accepting request 1228302 from home:aplanas:branches:security Marcus Meissner 2024-12-04 12:48:57 +00:00
  • 9231456bf8 Accepting request 1202016 from security Ana Guerrero 2024-09-20 15:09:01 +00:00
  • f088900df9 Accepting request 1202016 from security Ana Guerrero 2024-09-20 15:09:01 +00:00
  • 7468cdf8a6 - Fix swtpm custom module (bsc#1229131)
      - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
        - this can be removed once swtpm upstream sorts out their custom selinux module. see: https://github.com/stefanberger/swtpm/issues/885
          there were a couple changes in the selinux-policy libvirt handling which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
    Marcus Meissner 2024-09-19 14:01:38 +00:00
  • cba206f0a4 Accepting request 1202015 from home:cahu:branches:security Marcus Meissner 2024-09-19 14:01:38 +00:00
  • 543bf0e702 Accepting request 1191034 from security Dominique Leuenberger 2024-08-06 07:07:07 +00:00
  • 94954e1745 Accepting request 1191034 from security Dominique Leuenberger 2024-08-06 07:07:07 +00:00
  • 0686c8dbaf Accepting request 1190897 from home:rrahl0 Marcus Meissner 2024-08-01 18:11:21 +00:00
  • 4811fee0f5 Accepting request 1190897 from home:rrahl0 Marcus Meissner 2024-08-01 18:11:21 +00:00
  • 4c6a556542 Accepting request 1118837 from security Ana Guerrero 2023-10-19 20:46:56 +00:00
  • 22611c8202 Accepting request 1118837 from security Ana Guerrero 2023-10-19 20:46:56 +00:00
  • 06fbbd50d7 Accepting request 1118747 from home:firstyear:branches:security Marcus Meissner 2023-10-19 07:29:40 +00:00
  • eb953dc702 Accepting request 1118747 from home:firstyear:branches:security Marcus Meissner 2023-10-19 07:29:40 +00:00
  • 17e84e36e2 Accepting request 1111638 from security Ana Guerrero 2023-09-26 20:00:32 +00:00
  • 1de2679ea3 Accepting request 1111638 from security Ana Guerrero 2023-09-26 20:00:32 +00:00
  • c6fc1a9240 Accepting request 1111637 from home:msmeissn:branches:security Marcus Meissner 2023-09-16 10:14:31 +00:00
  • 2cf67913d8 Accepting request 1111637 from home:msmeissn:branches:security Marcus Meissner 2023-09-16 10:14:31 +00:00
  • 1804f12c82 Accepting request 1096892 from security Fabian Vogt 2023-07-06 16:27:54 +00:00
  • 24c72f73d1 Accepting request 1096892 from security Fabian Vogt 2023-07-06 16:27:54 +00:00
  • 5d3857dd8d Accepting request 1093513 from home:manfred-h Marcus Meissner 2023-07-05 06:54:53 +00:00
  • ae891910ac Accepting request 1093513 from home:manfred-h Marcus Meissner 2023-07-05 06:54:53 +00:00
  • 258633fdff Accepting request 1084024 from security Dominique Leuenberger 2023-05-03 10:56:27 +00:00
  • 527fc2a3f9 Accepting request 1084024 from security Dominique Leuenberger 2023-05-03 10:56:27 +00:00
  • e322973215 Accepting request 1084023 from home:msmeissn:branches:security Marcus Meissner 2023-05-02 12:16:37 +00:00
  • 0658857c43 Accepting request 1084023 from home:msmeissn:branches:security Marcus Meissner 2023-05-02 12:16:37 +00:00
  • 5bfd4aeb5e Accepting request 1073549 from security Dominique Leuenberger 2023-03-24 14:15:57 +00:00
  • a0ec5348e5 Accepting request 1073549 from security Dominique Leuenberger 2023-03-24 14:15:57 +00:00
  • 3fb71b9267 Accepting request 1073548 from home:msmeissn:branches:security Marcus Meissner 2023-03-21 12:57:57 +00:00
  • aedf625f94 Accepting request 1073548 from home:msmeissn:branches:security Marcus Meissner 2023-03-21 12:57:57 +00:00
  • 8828873bbc Accepting request 1073545 from home:msmeissn:branches:security Marcus Meissner 2023-03-21 12:51:07 +00:00
  • a2738a017a Accepting request 1073545 from home:msmeissn:branches:security Marcus Meissner 2023-03-21 12:51:07 +00:00
  • 3b651e6494 Accepting request 1069861 from security Dominique Leuenberger 2023-03-08 13:51:29 +00:00
  • 41c94411c4 Accepting request 1069861 from security Dominique Leuenberger 2023-03-08 13:51:29 +00:00
  • 93f24082f9 + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) Marcus Meissner 2023-03-07 08:25:52 +00:00
  • 3af01b2789 + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) Marcus Meissner 2023-03-07 08:25:52 +00:00
  • 5848fe1a37 Accepting request 1069732 from home:aplanas:branches:security Marcus Meissner 2023-03-07 08:25:26 +00:00
  • 0417008d7a Accepting request 1069732 from home:aplanas:branches:security Marcus Meissner 2023-03-07 08:25:26 +00:00
  • 98513e2108 Accepting request 974426 from security Dominique Leuenberger 2022-05-04 13:17:37 +00:00
  • b77d0ad618 Accepting request 974426 from security Dominique Leuenberger 2022-05-04 13:17:37 +00:00
  • a06ed21114 Accepting request 973850 from home:msmeissn:branches:security Marcus Meissner 2022-05-02 13:42:36 +00:00
  • 7301db9a1b Accepting request 973850 from home:msmeissn:branches:security Marcus Meissner 2022-05-02 13:42:36 +00:00
  • 52536a98d7 Accepting request 967242 from security Dominique Leuenberger 2022-04-07 22:27:22 +00:00
  • e4cda68aa3 Accepting request 967242 from security Dominique Leuenberger 2022-04-07 22:27:22 +00:00
  • 354b107645 Accepting request 967210 from home:marxin:branches:security Marcus Meissner 2022-04-06 08:39:04 +00:00
  • 60827af161 Accepting request 967210 from home:marxin:branches:security Marcus Meissner 2022-04-06 08:39:04 +00:00
  • 26e247d3aa Accepting request 960503 from security Dominique Leuenberger 2022-03-11 20:41:04 +00:00
  • c59c56cf0e Accepting request 960503 from security Dominique Leuenberger 2022-03-11 20:41:04 +00:00
  • 6e373795cd Accepting request 960501 from home:wfrisch:branches:security Marcus Meissner 2022-03-09 14:19:29 +00:00
  • 0a25005462 Accepting request 960501 from home:wfrisch:branches:security Marcus Meissner 2022-03-09 14:19:29 +00:00
  • 48ad1e1b5d Accepting request 957026 from security Dominique Leuenberger 2022-02-24 17:18:18 +00:00
  • 8ee64add93 Accepting request 957026 from security Dominique Leuenberger 2022-02-24 17:18:18 +00:00
  • 0aa5880cf9 Accepting request 956473 from home:msmeissn:branches:security Marcus Meissner 2022-02-23 12:02:37 +00:00
  • 518202c980 Accepting request 956473 from home:msmeissn:branches:security Marcus Meissner 2022-02-23 12:02:37 +00:00
  • ee0def1312 Accepting request 930649 from security Dominique Leuenberger 2021-11-12 14:59:06 +00:00
  • 2a18115b4c Accepting request 930649 from security Dominique Leuenberger 2021-11-12 14:59:06 +00:00
  • 1bbb90dad8 - Update to version 0.7.0:
      - swtpm:
        - Support for linear file storage backend (file://)
        - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what libtpms supports
        - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
        - Wipe keys from stack and heap
        - Many other small changes
        - Make --daemon not racy
      - swtpm_setup:
        - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
        - Support for linear file storage backend (file://)
        - Implement option --create-config-files to create config files
        - Use non-deprecated APIs to construct RSA key (OSSL 3)
        - Report stderr as returned by external tool (swtpm-localcal)
        - Replace '+' and ',' characters in VMId's to make work with common name in X509 subject
        - Add support for --reconfigure flag to change active PCR banks
      - swtpm_localca:
        - Created certificates for CAs and TPM that do not expire
      - swtpm_cert:
        - Allow passing -1 for days to get a non-expiring certificate
      - test:
        - ASAN-related test changes and skipping of tests if ASAN is used
        - Fix tests using tpm2-abrmd by preventing concurrency
        - Skip chardev related tests after checking for chardev support
        - exit with error code if mktemp fails
        - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
      - build-sys:
        - Introduce --enable-sanitizers to configure
    Marcus Meissner 2021-11-10 08:50:07 +00:00
  • 454ef570a1 - Update to version 0.7.0:
      - swtpm:
        - Support for linear file storage backend (file://)
        - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what libtpms supports
        - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
        - Wipe keys from stack and heap
        - Many other small changes
        - Make --daemon not racy
      - swtpm_setup:
        - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
        - Support for linear file storage backend (file://)
        - Implement option --create-config-files to create config files
        - Use non-deprecated APIs to construct RSA key (OSSL 3)
        - Report stderr as returned by external tool (swtpm-localcal)
        - Replace '+' and ',' characters in VMId's to make work with common name in X509 subject
        - Add support for --reconfigure flag to change active PCR banks
      - swtpm_localca:
        - Created certificates for CAs and TPM that do not expire
      - swtpm_cert:
        - Allow passing -1 for days to get a non-expiring certificate
      - test:
        - ASAN-related test changes and skipping of tests if ASAN is used
        - Fix tests using tpm2-abrmd by preventing concurrency
        - Skip chardev related tests after checking for chardev support
        - exit with error code if mktemp fails
        - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
      - build-sys:
        - Introduce --enable-sanitizers to configure
    Marcus Meissner 2021-11-10 08:50:07 +00:00
  • 9dda348d94 Accepting request 920852 from security Dominique Leuenberger 2021-09-26 19:48:17 +00:00
  • dd57fb7f52 Accepting request 920852 from security Dominique Leuenberger 2021-09-26 19:48:17 +00:00
  • f0d81401b9 - Update to version 0.6.1:
      - swtpm:
        - Clear keys from stack and heap
      - swtpm-localca:
        - Add missing else branch for pkcs11 and PIN
      - swtpm_setup:
        - Initialize Gerror and free it
        - Replace '\\s' in regex with [[:space:]] to fix cygwin
      - tests:
        - Kill tpm2-abrmd with SIGKILL rather than SIGTERM
      - build-sys:
        - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
        - Enable configuring with CFLAGS and passing additional CFLAGS on build
    Marcus Meissner 2021-09-22 09:35:00 +00:00
  • 254a2f471f - Update to version 0.6.1:
      - swtpm:
        - Clear keys from stack and heap
      - swtpm-localca:
        - Add missing else branch for pkcs11 and PIN
      - swtpm_setup:
        - Initialize Gerror and free it
        - Replace '\\s' in regex with [[:space:]] to fix cygwin
      - tests:
        - Kill tpm2-abrmd with SIGKILL rather than SIGTERM
      - build-sys:
        - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
        - Enable configuring with CFLAGS and passing additional CFLAGS on build
    Marcus Meissner 2021-09-22 09:35:00 +00:00
  • 3a4505e5ba Accepting request 912783 from security Richard Brown 2021-08-19 11:06:39 +00:00
  • 14f512fbac Accepting request 912783 from security Richard Brown 2021-08-19 11:06:39 +00:00
  • 0e250bbded Accepting request 911320 from home:gmbr3:Active Marcus Meissner 2021-08-16 13:22:06 +00:00
  • 6c7a481842 Accepting request 911320 from home:gmbr3:Active Marcus Meissner 2021-08-16 13:22:06 +00:00
  • ec4b576af5 - swtpm-rename_deprecated_libtasn1_types.patch: upstream Marcus Meissner 2021-08-09 08:56:23 +00:00
  • 15c51ad7f1 - swtpm-rename_deprecated_libtasn1_types.patch: upstream Marcus Meissner 2021-08-09 08:56:23 +00:00
  • 9f05f64ac4 Accepting request 910608 from home:gmbr3:Active Marcus Meissner 2021-08-09 08:47:13 +00:00
  • 060b5a7f72 Accepting request 910608 from home:gmbr3:Active Marcus Meissner 2021-08-09 08:47:13 +00:00
  • 639a6a4123 Accepting request 894591 from security Dominique Leuenberger 2021-05-21 19:49:39 +00:00
  • b52a217001 Accepting request 894591 from security Dominique Leuenberger 2021-05-21 19:49:39 +00:00
  • 099d31ba0a Accepting request 894521 from home:pmonrealgonzalez:branches:security Gary Ching-Pang Lin 2021-05-20 09:56:17 +00:00
  • e592f545df Accepting request 894521 from home:pmonrealgonzalez:branches:security Gary Ching-Pang Lin 2021-05-20 09:56:17 +00:00
  • 2ce130d3a6 Accepting request 858915 from security Dominique Leuenberger 2020-12-28 09:30:50 +00:00
  • e58afad4a0 Accepting request 858915 from security Dominique Leuenberger 2020-12-28 09:30:50 +00:00
  • b1fc3d57f8 Accepting request 858841 from home:msmeissn:branches:security Gary Ching-Pang Lin 2020-12-28 01:23:52 +00:00
  • 9dfdb5c9f7 Accepting request 858841 from home:msmeissn:branches:security Gary Ching-Pang Lin 2020-12-28 01:23:52 +00:00
  • a2333b736e Accepting request 858005 from security Dominique Leuenberger 2020-12-22 10:52:12 +00:00
  • 4d29bf8bda Accepting request 858005 from security Dominique Leuenberger 2020-12-22 10:52:12 +00:00
  • 48200997b7 Accepting request 858004 from home:gary_lin:branches:security Gary Ching-Pang Lin 2020-12-22 08:05:26 +00:00
  • 47cedf83af Accepting request 858004 from home:gary_lin:branches:security Gary Ching-Pang Lin 2020-12-22 08:05:26 +00:00
  • 4d287787ed Accepting request 857979 from home:gary_lin:branches:security Gary Ching-Pang Lin 2020-12-22 06:30:57 +00:00
  • f297eae77e Accepting request 857979 from home:gary_lin:branches:security Gary Ching-Pang Lin 2020-12-22 06:30:57 +00:00
  • 756febd8ac Accepting request 850055 from security Dominique Leuenberger 2020-11-23 14:48:47 +00:00
  • 443b9dd76c Accepting request 850055 from security Dominique Leuenberger 2020-11-23 14:48:47 +00:00
  • 9bbeceb75c Accepting request 850053 from home:kailiu:branches:security Gary Ching-Pang Lin 2020-11-23 03:28:09 +00:00
  • 5b97ece037 Accepting request 850053 from home:kailiu:branches:security Gary Ching-Pang Lin 2020-11-23 03:28:09 +00:00